Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200608-24] AlsaPlayer: Multiple buffer overflows Vulnerability Scan
Vulnerability Scan Summary AlsaPlayer: Multiple buffer overflows
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200608-24
(AlsaPlayer: Multiple buffer overflows)
AlsaPlayer contains three buffer overflows: in the function that
handles the HTTP connections, the GTK interface, and the CDDB querying
mechanism.
Impact:
An attacker could exploit the first vulnerability by enticing a user to
load a malicious URL resulting in the execution of arbitrary code with
the permissions of the user running AlsaPlayer.
Workaround:
There is no known workaround at this time.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-4089
Solution:
AlsaPlayer has been masked in Portage pending the resolution of these
issues. AlsaPlayer users are advised to uninstall the package until
further notice:
# emerge --ask --unmerge "media-sound/alsaplayer"
Threat Level: Medium